<html>
<head><meta charset="utf-8"><title>crates.io identity · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/crates.2Eio.20identity.html">crates.io identity</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="162126114"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/crates.io%20identity/near/162126114" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/crates.2Eio.20identity.html#162126114">(Mar 30 2019 at 15:44)</a>:</h4>
<p>Came upon this issue and was mildly terrified by the nonchalance <a href="https://github.com/rust-lang/crates.io/issues/326" target="_blank" title="https://github.com/rust-lang/crates.io/issues/326">https://github.com/rust-lang/crates.io/issues/326</a></p>



<a name="165639469"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/crates.io%20identity/near/165639469" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/crates.2Eio.20identity.html#165639469">(May 14 2019 at 16:52)</a>:</h4>
<p>a proposal to use TLS client certificates for <a href="http://crates.io" target="_blank" title="http://crates.io">crates.io</a> authentication: <a href="https://internals.rust-lang.org/t/ultra-pre-rfc-client-certificates-for-cargo-instead-of-shared-tokens/10173/2" target="_blank" title="https://internals.rust-lang.org/t/ultra-pre-rfc-client-certificates-for-cargo-instead-of-shared-tokens/10173/2">https://internals.rust-lang.org/t/ultra-pre-rfc-client-certificates-for-cargo-instead-of-shared-tokens/10173/2</a></p>



<a name="165639481"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/crates.io%20identity/near/165639481" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/crates.2Eio.20identity.html#165639481">(May 14 2019 at 16:53)</a>:</h4>
<p>(not something I'm particularly enthusiastic about)</p>



<a name="165819919"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/crates.io%20identity/near/165819919" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DevQps <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/crates.2Eio.20identity.html#165819919">(May 16 2019 at 15:20)</a>:</h4>
<p>Thanks for sharing! I am wonderjng if this will go through anytime soon</p>



<a name="165820256"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/crates.io%20identity/near/165820256" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/crates.2Eio.20identity.html#165820256">(May 16 2019 at 15:23)</a>:</h4>
<p>if you follow the thread, almost certainly not</p>



<a name="165820335"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/crates.io%20identity/near/165820335" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/crates.2Eio.20identity.html#165820335">(May 16 2019 at 15:24)</a>:</h4>
<p>it would require Heroku implement some sort of means of passing the TLS peer identity through as an HTTP header</p>



<a name="165820352"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/crates.io%20identity/near/165820352" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/crates.2Eio.20identity.html#165820352">(May 16 2019 at 15:24)</a>:</h4>
<p>there are a few spitball methods of doing that, but it's probably not going to happen any time soon</p>



<a name="165820901"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/crates.io%20identity/near/165820901" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/crates.2Eio.20identity.html#165820901">(May 16 2019 at 15:30)</a>:</h4>
<p>don't get me wrong, I like the spirit of trying to improve the <a href="http://crates.io" target="_blank" title="http://crates.io">crates.io</a> AuthN story, but it seems like there's a lot of low hanging fruit that isn't happening, and a lot of complex half-baked ideas</p>



<a name="165862930"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/crates.io%20identity/near/165862930" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DevQps <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/crates.2Eio.20identity.html#165862930">(May 17 2019 at 00:56)</a>:</h4>
<p>I understand what you mean. Personally I feel we should rather focus on other things as well</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>